Installing Configuration Manager 2012 clients on all my servers was fairly easy and straightforward, with one exception – my TMG2010 server running Server 2008R2.
For some reason, the client would install, but would never assign itself to my site, or download policies. The firewall rules allowed it to talk to the ConfigMgr server, and monitoring the traffic showed nothing was being blocked at all.
After much digging in TechNet etc., I found various mentions relating to certificates. This put me on the right track and got me 80% of the way there, but not quite.
There was not a lot of indication of what was going wrong. Most of the logs just weren’t reporting anything, let alone an error. The one log that was showing something is the “ClientIDManagerStartup.log”, with repeating entries of:
RegTask: Failed to get certificate. Error: 0x80004005
This was the only place I could find an indication of what was wrong.
Various articles say to delete all the files in the MachineKeys certificates folder. That is VERY BAD, DO NOT DO THAT!
While they are misguided, they do point to the correct resolution. Some suggest deleting one specific file, which is the SMS certificate. At first, permissions blocked me from doing this, but even after deleting it, the problem would repeat.